# API
Traefik exposes a range of information through an API handler, such as the configuration of all routers, services, middlewares, etc.
As with all features of Traefik, this handler can be enabled with the [static configuration](../getting-started/configuration-overview.md#the-static-configuration).
## Security
Enabling the API in production is not recommended, because it will expose all configuration elements,
including sensitive data.
In production, it should be at least secured by authentication and authorization.
A sane default (non-exhaustive) set of recommendations
would be to apply the following protection mechanisms:

* At the transport level:
    NOT publicly exposing the API's port,
    keeping it restricted to internal networks
    (as in the [principle of least privilege](https://en.wikipedia.org/wiki/Principle_of_least_privilege), applied to networks).
## Configuration
If you enable the API, a new special `service` named `api@internal` is created and can then be referenced in a router.

To enable the API handler, use the following option on the
[static configuration](../getting-started/configuration-overview.md#the-static-configuration):
```toml tab="File (TOML)"
# Static Configuration
[api]
```
```yaml tab="File (YAML)"
# Static Configuration
api: {}
```
```bash tab="CLI"
--api=true
```
And then define a routing configuration on Traefik itself with the
[dynamic configuration](../getting-started/configuration-overview.md#the-dynamic-configuration):
```yaml tab="Docker"
# Dynamic Configuration
labels:
  - "traefik.http.routers.api.rule=Host(`traefik.domain.com`)"
  - "traefik.http.routers.api.service=api@internal"
  - "traefik.http.routers.api.middlewares=auth"
  - "traefik.http.middlewares.auth.basicauth.users=test:$$apr1$$H6uskkkW$$IgXLP6ewTrSuBkTrqE8wj/,test2:$$apr1$$d9hr9HBB$$4HxwgUir3HP4EsggP/QNo0"
```
```yaml tab="Consul Catalog"
# Declaring the user list
- "traefik.http.routers.api.rule=PathPrefix(`/api`) || PathPrefix(`/dashboard`)"
- "traefik.http.routers.api.service=api@internal"
- "traefik.http.routers.api.middlewares=auth"
- "traefik.http.middlewares.auth.basicauth.users=test:$$apr1$$H6uskkkW$$IgXLP6ewTrSuBkTrqE8wj/,test2:$$apr1$$d9hr9HBB$$4HxwgUir3HP4EsggP/QNo0"
```
```json tab="Marathon"
"labels": {
  "traefik.http.routers.api.rule": "Host(`traefik.domain.com`)",
  "traefik.http.routers.api.service": "api@internal",
  "traefik.http.routers.api.middlewares": "auth",
  "traefik.http.middlewares.auth.basicauth.users": "test:$$apr1$$H6uskkkW$$IgXLP6ewTrSuBkTrqE8wj/,test2:$$apr1$$d9hr9HBB$$4HxwgUir3HP4EsggP/QNo0"
}
```
```yaml tab="Rancher"
# Dynamic Configuration
labels:
  - "traefik.http.routers.api.rule=Host(`traefik.domain.com`)"
  - "traefik.http.routers.api.service=api@internal"
  - "traefik.http.routers.api.middlewares=auth"
  - "traefik.http.middlewares.auth.basicauth.users=test:$$apr1$$H6uskkkW$$IgXLP6ewTrSuBkTrqE8wj/,test2:$$apr1$$d9hr9HBB$$4HxwgUir3HP4EsggP/QNo0"
```
```toml tab="File (TOML)"
# Dynamic Configuration
[http.routers.my-api]
  rule="Host(`traefik.domain.com`)"
  service="api@internal"
  middlewares=["auth"]

[http.middlewares.auth.basicAuth]
  users = [
    "test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/",
    "test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0",
  ]
```
```yaml tab="File (YAML)"
# Dynamic Configuration
http:
  routers:
    api:
      rule: Host(`traefik.domain.com`)
      service: api@internal
      middlewares:
        - auth
  middlewares:
    auth:
      basicAuth:
        users:
          - "test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/"
          - "test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0"
```
??? warning "The router's [rule](../../routing/routers#rule) must catch requests for the URI path `/api`"
    Using a "Host" rule is recommended: it catches all the incoming traffic on this host domain and routes it to the API.
    However, you can also use a "path prefix" rule or any combination of rules.

    ```bash tab="Host Rule"
    # Matches http://traefik.domain.com, http://traefik.domain.com/api
    # or http://traefik.domain.com/hello
    rule = "Host(`traefik.domain.com`)"
    ```

    ```bash tab="Path Prefix Rule"
    # Matches http://api.traefik.domain.com/api or http://domain.com/api
    # but does not match http://api.traefik.domain.com/hello
    rule = "PathPrefix(`/api`)"
    ```

    ```bash tab="Combination of Rules"
    # Matches http://traefik.domain.com/api or http://traefik.domain.com/dashboard
    # but does not match http://traefik.domain.com/hello
    rule = "Host(`traefik.domain.com`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))"
    ```
### `insecure`
Enable the API in `insecure` mode, which means that the API will be available directly on the entryPoint named `traefik`.

!!! info
    If the entryPoint named `traefik` is not configured, it will be automatically created on port 8080.
```toml tab="File (TOML)"
[api]
insecure = true
```
```yaml tab="File (YAML)"
api:
  insecure: true
```
```bash tab="CLI"
--api.insecure=true
```
### `dashboard`
_Optional, Default=true_
Enable the dashboard. More about the dashboard features [here](./dashboard.md).
```toml tab="File (TOML)"
[api]
dashboard = true
```
```yaml tab="File (YAML)"
api:
  dashboard: true
```
```bash tab="CLI"
--api.dashboard=true
```

!!! warning "With Dashboard enabled, the router [rule](../../routing/routers#rule) must catch requests for both `/api` and `/dashboard`"
    Please check the [Dashboard documentation](./dashboard.md#dashboard-router-rule) to learn more about this and to get examples.
### `debug`
_Optional, Default=false_
Enable additional [endpoints](./api.md#endpoints) for debugging and profiling, served under `/debug/`.

```toml tab="File (TOML)"
[api]
debug = true
```
```yaml tab="File (YAML)"
api:
  debug: true
```
```bash tab="CLI"
--api.debug=true
```
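
The security recommendations and the `insecure` and `debug` options described above can be checked mechanically before a configuration is deployed. The following is an added example, not part of the Traefik documentation or code base: the function name `audit_api_exposure`, the constructed sample dicts (which mirror the File (YAML) layout), and the choice to count `basicAuth`, `digestAuth` and `forwardAuth` as authentication middlewares are assumptions.

```python
# Added example: audit Traefik configuration for risky API exposure.
# Assumption: middleware types counted as authentication (only basicAuth is shown on this page).
AUTH_TYPES = {"basicAuth", "digestAuth", "forwardAuth"}

# Constructed samples mirroring the File (YAML) layout used on this page.
SECURED_STATIC = {"api": {}}
SECURED_DYNAMIC = {"http": {
    "routers": {"api": {"rule": "Host(`traefik.domain.com`)",
                        "service": "api@internal", "middlewares": ["auth"]}},
    "middlewares": {"auth": {"basicAuth": {"users": ["test:<htpasswd-hash-placeholder>"]}}},
}}
WEAK_STATIC = {"api": {"insecure": True, "debug": True}}
WEAK_DYNAMIC = {"http": {
    "routers": {"api": {"rule": "PathPrefix(`/api`)", "service": "api@internal"}},
}}


def audit_api_exposure(static_cfg, dynamic_cfg):
    """Return findings describing how the API handler is exposed."""
    if "api" not in static_cfg:
        return []  # API handler is not enabled
    api = static_cfg["api"] or {}  # `api: {}` carries no options
    findings = []
    if api.get("insecure"):
        findings.append("api.insecure=true: API is served directly on entryPoint 'traefik'")
    if api.get("debug"):
        findings.append("api.debug=true: /debug/ endpoints are enabled")
    http = dynamic_cfg.get("http") or {}
    middlewares = http.get("middlewares") or {}
    for name, router in (http.get("routers") or {}).items():
        if router.get("service") != "api@internal":
            continue
        # Protected if any attached middleware (provider suffix stripped) is an auth type.
        protected = any(
            AUTH_TYPES & set(middlewares.get(mw.split("@")[0]) or {})
            for mw in router.get("middlewares") or []
        )
        if not protected:
            findings.append(f"router '{name}': api@internal has no authentication middleware")
    return findings


if __name__ == "__main__":
    for label, cfg in (("secured", (SECURED_STATIC, SECURED_DYNAMIC)),
                       ("weak", (WEAK_STATIC, WEAK_DYNAMIC))):
        print(label, audit_api_exposure(*cfg))
```

The check only covers authentication at the application level; the transport-level recommendation (keeping the API port on internal networks) has to be verified in the network configuration itself.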
## Endpoints
All the following endpoints must be accessed with a `GET` HTTP request.

| Path                           | Description                                                                                 |
|--------------------------------|---------------------------------------------------------------------------------------------|
| `/api/http/routers`            | Lists all the HTTP routers information.                                                     |
| `/api/http/routers/{name}`     | Returns the information of the HTTP router specified by `name`.                             |
| `/api/http/services`           | Lists all the HTTP services information.                                                    |
| `/api/http/services/{name}`    | Returns the information of the HTTP service specified by `name`.                            |
| `/api/http/middlewares`        | Lists all the HTTP middlewares information.                                                 |
| `/api/http/middlewares/{name}` | Returns the information of the HTTP middleware specified by `name`.                         |
| `/api/tcp/routers`             | Lists all the TCP routers information.                                                      |
| `/api/tcp/routers/{name}`      | Returns the information of the TCP router specified by `name`.                              |
| `/api/tcp/services`            | Lists all the TCP services information.                                                     |
| `/api/tcp/services/{name}`     | Returns the information of the TCP service specified by `name`.                             |
| `/api/entrypoints`             | Lists all the entry points information.                                                     |
| `/api/entrypoints/{name}`      | Returns the information of the entry point specified by `name`.                             |
| `/api/overview`                | Returns statistic information about http and tcp as well as enabled features and providers. |
| `/api/version`                 | Returns information about Traefik version.                                                  |
| `/debug/vars`                  | See the [expvar](https://golang.org/pkg/expvar/) Go documentation.                          |
| `/debug/pprof/`                | See the [pprof Index](https://golang.org/pkg/net/http/pprof/#Index) Go documentation.       |
| `/debug/pprof/cmdline`         | See the [pprof Cmdline](https://golang.org/pkg/net/http/pprof/#Cmdline) Go documentation.   |
| `/debug/pprof/profile`         | See the [pprof Profile](https://golang.org/pkg/net/http/pprof/#Profile) Go documentation.   |
| `/debug/pprof/symbol`          | See the [pprof Symbol](https://golang.org/pkg/net/http/pprof/#Symbol) Go documentation.     |
| `/debug/pprof/trace`           | See the [pprof Trace](https://golang.org/pkg/net/http/pprof/#Trace) Go documentation.       |